saslauthd problems
Greg Groth
ggroth at gregs-garage.com
Tue Feb 28 13:48:52 EST 2006

I'm having difficulty getting saslauthd to check passwords against the
system accounts. System is a fresh install of FreeBSD 6.0 using Sendmail.
Sendmail was installed as part of the base FreeBSD install and
recompiled with the following added to /etc/make.conf:

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

The following was added to my mc file, compiled, installed and restarted:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

Checking the Sendmail version gives me the following:

ns1# sendmail -d0.1 < /dev/null
Version 8.13.4
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = ns1
(canonical domain name) $j = ns1.prisminnovations.com
(subdomain name) $m = prisminnovations.com
(node name) $k = ns1.prisminnovations.com
========================================================

cyrus-sasl & cyrus-sasl-authd were compiled using the ports using no
additional flags. Checking the versions gives me the following:

ns1# pkg_info -Ix sasl
cyrus-sasl-2.1.21 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.21 SASL authentication server for cyrus-sasl2

I have added 'saslauthd_enable="YES"' to /etc/rc.conf and have verified
that it is running.

Contents of /usr/local/lib/sasl2/Sendmail.conf are as follows:

pwcheck_method: saslauthd

Telnetting to localhost gives me the following:

ns1# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.prisminnovations.com.
Escape character is '^]'.
220 ns1.prisminnovations.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 28 Feb
2006 12:21:41 -0600 (CST)
ehlo localhost
250-ns1.prisminnovations.com Hello localhost.prisminnovations.com
[127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-DELIVERBY
250 HELP

As far as I can tell, I have everything as it should be. However, when I
try to send an email, I get the following:

Feb 26 23:42:16 ns1 sm-mta[1783]: NOQUEUE: connect from
node-40241be2.mdw.onnet.us.uu.net [64.36.27.226]
Feb 26 23:42:16 ns1 sm-mta[1783]: AUTH: available mech=NTLM LOGIN
ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5, allowed mech=PLAIN LOGIN
Feb 26 23:42:16 ns1 sm-mta[1783]: k1R5gGCB001783: Milter: no active filter
Feb 26 23:42:17 ns1 sm-mta[1783]: k1R5gGCB001783: ruleset=check_rcpt,
arg1=<ggroth at gregs-garage.com>, relay=node-40241be2.mdw.onnet.us.uu.net
[64.36.27.226], reject=550 5.7.1 <ggroth at gregs-garage.com>... Relaying
denied. Proper authentication required.

From googling around for a solution, I have tried to rectify this by
adding a symlink /usr/lib/sasl2/ that points to /usr/local/lib/sasl2/
(where it's installed by the FreeBSD port) to no avail.

I have also tried adding sasl_saslauthd_flags="-a getpwent" to rc.conf
with the same result. Could anyone help me with what I should be
looking at next? I'm at a loss at this point.

TIA
Greg Groth
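
Editor's added example, not part of the original post: a helper for continuing the telnet session above by hand. It reads the AUTH line out of the EHLO reply shown in the post and builds the AUTH PLAIN (RFC 4616) and AUTH LOGIN lines to type. The account `testuser` / `testpass` and all function names are constructed for illustration.

```python
import base64

# EHLO reply as shown in the telnet session in the post (wrapped first line rejoined).
EHLO_REPLY = """\
250-ns1.prisminnovations.com Hello localhost.prisminnovations.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-DELIVERBY
250 HELP
"""

def advertised_auth_mechs(ehlo_reply):
    """Return the SASL mechanisms on the AUTH line of an EHLO reply (RFC 4954)."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD params", the last one "250 KEYWORD params".
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "AUTH":
            return [w.upper() for w in words[1:]]
    return []

def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def auth_plain_command(user, password, authzid=""):
    """AUTH PLAIN with initial response: base64(authzid NUL authcid NUL passwd)."""
    return "AUTH PLAIN " + _b64("\0".join((authzid, user, password)))

def auth_login_lines(user, password):
    """AUTH LOGIN, then base64 user name and base64 password (one per 334 prompt)."""
    return ["AUTH LOGIN", _b64(user), _b64(password)]

def lines_to_type(ehlo_reply, user, password):
    """Map each advertised mechanism that can be done by hand to the lines to type."""
    out = {}
    mechs = advertised_auth_mechs(ehlo_reply)
    if "PLAIN" in mechs:
        out["PLAIN"] = [auth_plain_command(user, password)]
    if "LOGIN" in mechs:
        out["LOGIN"] = auth_login_lines(user, password)
    return out

if __name__ == "__main__":
    # testuser / testpass are constructed placeholders; base64 is an encoding, not encryption.
    for mech, lines in lines_to_type(EHLO_REPLY, "testuser", "testpass").items():
        print(mech, *lines, sep="\n  ")
```

A 235 reply to the typed lines means the server accepted the credentials; a 535 reply means the password check behind it rejected them.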